Skip to main content
CVE-2023-6883 MEDIUM This Month

The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-7019 MEDIUM This Month

The LightStart - Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-20573 LOW Monitor

A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epyc 7763 Firmware Epyc 7713P Firmware Epyc 7713 Firmware Epyc 7663P Firmware +61
NVD
CVSS 3.1
3.2
EPSS
0.1%
CVE-2023-7048 LOW PATCH Monitor

The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF
NVD VulDB
CVSS 3.1
3.1
EPSS
0.1%
CVE-2024-21337 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required.

Buffer Overflow Google Heap Overflow Microsoft Edge Chromium +1
NVD
CVSS 3.1
5.2
EPSS
0.9%
CVE-2024-20675 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft Edge Chromium Chrome
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0426 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Foru Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-22198 HIGH POC PATCH THREAT GHSA This Month

Nginx-UI is a web interface to manage Nginx configurations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.0%.

Privilege Escalation Command Injection Information Disclosure Nginx RCE +1
NVD GitHub
CVSS 3.1
7.1
EPSS
16.0%
CVE-2024-22196 HIGH POC PATCH GHSA This Month

Nginx-UI is an online statistics for Server Indicators​​ Monitor CPU usage, memory usage, load average, and disk usage in real-time. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Nginx SQLi Nginx Ui
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2024-0425 MEDIUM POC This Month

A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Foru Cms
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-0424 LOW POC Monitor

A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Banking System
NVD VulDB
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-0423 LOW POC Monitor

A vulnerability was found in CodeAstro Online Food Ordering System 1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Food Ordering System
NVD VulDB
CVSS 3.1
3.5
EPSS
0.1%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-0422 LOW POC Monitor

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pos And Inventory Management System
NVD VulDB
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-0419 MEDIUM POC This Month

A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Httpdx
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-22199 CRITICAL PATCH This Week

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Django
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2024-22197 HIGH POC PATCH GHSA This Month

Nginx-ui is online statistics for Server Indicators​​ Monitor CPU usage, memory usage, load average, and disk usage in real-time. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Privilege Escalation Command Injection Information Disclosure Nginx RCE +1
NVD GitHub
CVSS 3.1
7.7
EPSS
3.1%
CVE-2024-0418 MEDIUM POC This Month

A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service File Sharing Wizard
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-0417 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Dsshop
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-0416 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Dsmall
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-0415 MEDIUM This Month

A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Dsmall
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0414 MEDIUM This Month

A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Dscms
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0413 MEDIUM This Month

A vulnerability was found in DeShang DSKMS up to 3.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Dskms
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0412 MEDIUM This Month

A vulnerability was found in DeShang DSShop up to 3.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Dsshop
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0411 MEDIUM This Month

A vulnerability was found in DeShang DSMall up to 6.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Dsmall
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-23061 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-23060 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-23059 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-23058 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-23057 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-22942 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-0429 HIGH This Month

A denial service vulnerability has been found on Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Hex Workshop
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-0252 HIGH This Month

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 29.1% and no vendor patch available.

RCE Code Injection Manageengine Adselfservice Plus
NVD
CVSS 3.1
8.8
EPSS
29.1%
CVE-2024-21669 CRITICAL POC PATCH Act Now

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Jwt Attack Information Disclosure Aries Cloud Agent
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2024-21637 HIGH PATCH This Month

Authentik is an open-source Identity Provider. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Privilege Escalation Authentik
NVD GitHub
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-22195 MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Jinja
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-22194 LOW POC PATCH Monitor

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. Rated low severity (CVSS 2.2). Public exploit code available.

Python Information Disclosure Case Python Utilities Cdo Local Uuid Utility
NVD GitHub
CVSS 3.1
2.2
EPSS
0.0%
CVE-2024-22190 HIGH POC PATCH This Month

GitPython is a python library used to interact with Git repositories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Python Gitpython Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-21667 MEDIUM POC PATCH This Week

pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Information Disclosure Customer Management Framework
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-21666 MEDIUM POC PATCH This Week

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Customer Management Framework
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-21665 MEDIUM POC PATCH Monitor

ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft E Commerce Framework
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-21833 HIGH This Month

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware Archer Ax5400 Firmware Deco X50 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-21821 HIGH This Month

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware Archer Ax5400 Firmware Archer Axe75 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2024-21773 HIGH This Month

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware Archer Ax5400 Firmware Deco X50 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy